Hi everybody, I've been asked to make some validations with a X509Certificate, I've tried to make them by googleing some samples on the web, but no success
I have a Web Application which connects to a Restful Web Service, this Web Service return an XML document which is signed, so it contains a Signature Tag
which contains child nodes with an X509Certificate. I've been asked to verify:
1. The signature of the certificate
2. The revocation status of the certificate
3. If the certificate has been issued by a trusted root
The problem is that the only parameter I have is that X509 Certificate data which I convert to X509Certificate java type.
I've found examples of OCSP and Signature validations which I tested in other projects and they always require two certificates: A trusted one and the target.
In my case I have the target which I receive from the Web Service as I menctioned before, but I don't have any other certificate.
So my question is: The validations I mentioned are possible to perform with only one certificate like the one I'm getting from the XML or I need two as a mandatory requirement?
And if I need two certificates, how should they be related?
Maybe it's a dummy question but it's the first time I heard about this time of requirement and I haven't work with certificates too much
Please if somebody could help me I will be grateful. Thanks in advance for any help.